Add Server Name Indication (SNI) support for https.

Needed for e.g. some github URLs.
wiz 2015-09-12 19:38:42 +00:00
parent c82c3049c6
commit f9b7d2341e
3 changed files with 20 additions and 9 deletions


@ -1,7 +1,7 @@
/* $NetBSD: fetch.c,v 1.206 2014/10/26 16:21:59 christos Exp $ */
/* $NetBSD: fetch.c,v 1.207 2015/09/12 19:38:42 wiz Exp $ */
/*-
* Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
* Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
@ -10,6 +10,9 @@
* This code is derived from software contributed to The NetBSD Foundation
* by Scott Aaron Bamford.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Thomas Klausner.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -34,7 +37,7 @@
#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: fetch.c,v 1.206 2014/10/26 16:21:59 christos Exp $");
__RCSID("$NetBSD: fetch.c,v 1.207 2015/09/12 19:38:42 wiz Exp $");
#endif /* not lint */
/*
@ -782,7 +785,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
#ifdef WITH_SSL
if (urltype == HTTPS_URL_T) {
if ((ssl = fetch_start_ssl(s)) == NULL) {
if ((ssl = fetch_start_ssl(s, host)) == NULL) {
close(s);
s = -1;
continue;
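Review bot: The `host` handed to `fetch_start_ssl(s, host)` goes verbatim into the TLS server_name extension, and nothing in this hunk shows that it is always the origin server's DNS name. RFC 6066 allows only DNS hostnames in that extension, not IPv4 or IPv6 literals. If `host` can be replaced by a proxy's name earlier in fetch_url (not visible here; the function starts and ends outside the hunk), the ClientHello would name the wrong server. A comment at the call such as `/* host: origin DNS name, sent as SNI; must not be an IP literal or the proxy host */` would record the requirement, with the literal check best done where the URL is parsed.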


@ -1,8 +1,9 @@
/* $NetBSD: ssl.c,v 1.2 2012/12/24 22:12:28 christos Exp $ */
/* $NetBSD: ssl.c,v 1.3 2015/09/12 19:38:42 wiz Exp $ */
/*-
* Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
* Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>
* Copyright (c) 2015 Thomas Klausner <wiz@NetBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -33,7 +34,7 @@
#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: ssl.c,v 1.2 2012/12/24 22:12:28 christos Exp $");
__RCSID("$NetBSD: ssl.c,v 1.3 2015/09/12 19:38:42 wiz Exp $");
#endif
#include <time.h>
@ -545,7 +546,7 @@ fetch_getline(struct fetch_connect *conn, char *buf, size_t buflen,
}
void *
fetch_start_ssl(int sock)
fetch_start_ssl(int sock, const char *servername)
{
SSL *ssl;
SSL_CTX *ctx;
@ -569,6 +570,13 @@ fetch_start_ssl(int sock)
return NULL;
}
SSL_set_fd(ssl, sock);
if (servername != NULL) {
if (!SSL_set_tlsext_host_name(ssl, servername)) {
fprintf(ttyout, "SSL hostname setting failed\n");
SSL_CTX_free(ctx);
return NULL;
}
}
while ((ret = SSL_connect(ssl)) == -1) {
ssl_err = SSL_get_error(ssl, ret);
if (ssl_err != SSL_ERROR_WANT_READ &&
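Review bot: The new failure branch after `SSL_set_tlsext_host_name()` returns without releasing `ssl`, which has already been created and bound to the socket by `SSL_set_fd(ssl, sock)`; the branch frees only `ctx`. Adding `SSL_free(ssl);` before `SSL_CTX_free(ctx);` closes the leak. Separately, SNI only tells the server which certificate to present. No peer-certificate or hostname verification is visible in these hunks, so the connection is presumably still not authenticated against `servername`; a comment like `/* SNI selects the certificate; it does not verify it */` would stop readers assuming otherwise. fetch_start_ssl begins before and continues past the shown hunks.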


@ -1,4 +1,4 @@
/* $NetBSD: ssl.h,v 1.2 2014/01/07 02:07:08 joerg Exp $ */
/* $NetBSD: ssl.h,v 1.3 2015/09/12 19:38:42 wiz Exp $ */
/*-
* Copyright (c) 2012 The NetBSD Foundation, Inc.
@ -42,7 +42,7 @@ ssize_t fetch_read(void *, size_t, size_t, struct fetch_connect *);
char *fetch_getln(char *, int, struct fetch_connect *);
int fetch_getline(struct fetch_connect *, char *, size_t, const char **);
void fetch_set_ssl(struct fetch_connect *, void *);
void *fetch_start_ssl(int);
void *fetch_start_ssl(int, const char *);
#else /* !WITH_SSL */